Set up L2TP IPsec VPN in Arch Linux using NetworkManager


Install the packages first:

yay -S xl2tpd strongswan networkmanager-l2tp

ref: https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup
yay: https://github.com/Jguer/yay

Then reboot or run systemctl restart NetworkManager.

Using the command line only

nmcli c add con-name CON_NAME type vpn vpn-type l2tp vpn.data 'gateway=GATEWAY_HOST, ipsec-enabled=yes, ipsec-psk=PRE_SHARED_KEY, password-flags=2, user=USERNAME'
nmcli c edit CON_NAME # interactive mode, type help for manual
nmcli c up CON_NAME
nmcli c down CON_NAME
nmcli c delete CON_NAME
  • password-flags=0 => Save password in plain text
  • password-flags=1 => Save encrypted password
  • password-flags=2 => Don't save password, ask when needed
    • when using this, nmcli c up CON_NAME --ask is needed

Via the GNOME/KDE Plasma GUI

GNOME

[Screenshot: add VPN in GNOME]

[Screenshot: options of L2TP IPsec]

KDE Plasma

[Screenshot: add VPN in KDE]

[Screenshot: options of KDE L2TP IPsec]

  • Gateway is the IP of the VPN server
  • User name is the given user
  • Password can be left blank to enter when connecting
  • Click the IPsec Settings... button
    • Check Enable IPsec tunnel to L2TP host
    • Paste the PSK into Pre-shared key
    • IMPORTANT: Uncheck Enable IPsec tunnel to L2TP host before clicking the OK button; I think this is a bug
  • Click the Add button and enable the connection

@Raw1mage Raw1mage commented Mar 28, 2019

I was looking for a way to add l2tp vpn client connection using only nmcli, because I did not install Gnome or any KDE.
Your document is the first one in the world that talks about this topic, so I appreciated it very much.
The issue is that after adding a config in /etc/NetworkManage/system-connections,
"systemctl restart NetworkManager" does not import the new config file automatically.
So nmcli c up and all the following steps are not working.

@PeppaCat PeppaCat commented Mar 8, 2020

In the last step, if I choose to uncheck it (Enable IPsec tunnel to L2TP host), after I failed to connect to this VPN, the next time I click the settings section, the pre-shared key disappears.
Another thing I am confused about is that when I type: systemctl --type=service, there is no such thing like networkmanager-l2tp. Is that normal?

@mykrobinson mykrobinson commented Mar 20, 2020

I need some assistance with this, please. I am running Manjaro (please don't hurt me) and have followed this guide. I have the VPN configured in NetworkManager, but whenever I go to activate the VPN connection, I get an error "starting the service providing the vpn connection failed".

I've been googling and trying to come up with an appropriate answer to what I've done wrong, but all the things I have tried seem to have no effect. Any ideas what I may be missing? Please let me know if you need further information from me to be able to help.

@leperm leperm commented May 11, 2020

Here are some other values you might want to add to the [vpn] part of the config if doing it via command line:

[vpn]
...
ipsec-enabled=yes
domain={your_domain}
ipsec-ike={phase_1_algorithm} 
ipsec-esp={phase_2_algorithm}
...
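
An added example (not part of the gist or of any commenter's post): a small Python audit of a NetworkManager keyfile's [vpn] section, covering the password-flags values from the gist and the ipsec-ike / ipsec-esp values listed above. The sample keyfile, the function name audit_keyfile, the proposal strings and the set of algorithm tokens treated as weak are assumptions made for illustration.

```python
import configparser

# Constructed sample keyfile (not from the page), in the layout NetworkManager
# writes under /etc/NetworkManager/system-connections/ for an L2TP connection.
SAMPLE_KEYFILE = """\
[vpn]
gateway=GATEWAY_HOST
ipsec-enabled=yes
ipsec-psk=PRE_SHARED_KEY
ipsec-ike=3des-sha1-modp1024
ipsec-esp=aes256-sha256
password-flags=0
user=USERNAME
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password=PASSWORD
"""

# Assumption: tokens treated as weak when found in an IKE/ESP proposal string.
WEAK_TOKENS = {"des", "3des", "md5", "modp768", "modp1024"}


def audit_keyfile(text):
    """Return a list of findings for the [vpn] and [vpn-secrets] sections."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    findings = []
    if vpn.get("ipsec-enabled", "no") != "yes":
        findings.append("ipsec-enabled is not yes: L2TP itself does not encrypt traffic")
    if vpn.get("ipsec-psk"):
        findings.append("ipsec-psk is stored in the [vpn] section of the keyfile")
    # Assumption: a missing password-flags key is treated like password-flags=0.
    if vpn.get("password-flags", "0") == "0":
        findings.append("password-flags=0: password is saved in the keyfile")
    if cp.has_option("vpn-secrets", "password"):
        findings.append("[vpn-secrets] contains a saved password")
    for key in ("ipsec-ike", "ipsec-esp"):
        # A trailing "!" (strict flag) is dropped; proposals are comma-separated.
        for proposal in vpn.get(key, "").rstrip("!").split(","):
            weak = sorted(WEAK_TOKENS & set(proposal.strip().lower().split("-")))
            if weak:
                findings.append(f"{key} proposal {proposal.strip()} uses {', '.join(weak)}")
    return findings


if __name__ == "__main__":
    for line in audit_keyfile(SAMPLE_KEYFILE):
        print("FINDING:", line)
```

Keyfiles under /etc/NetworkManager/system-connections/ are readable only by root, so run the audit with sufficient privileges and pass it the file's contents as a string.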

@daniel1n daniel1n commented Sep 9, 2020

I'm trying to connect to a “L2PT/IPSEC with preshared key” type VPN. ... Protocol (L2TP) which is the one that gives me the missing plugin error.
